Post navigation

Overview

In this article we will setup an OpenStack environment based off Newton using the Red Hat OpenStack Platform. OpenStack is OpenStack but every distribution differs in what capabilities or technologies are supported and how OpenStack is installed, configured as well as upgraded.

The Red Hat OpenStack Platform uses OpenStack director based on the TripleO (OpenStack on OpenStack) project to install, configure and update OpenStack. Director is a lifecycle management tool for OpenStack. Red Hat’s approach is to make OpenStack easy to manage, without compromising on the “Open” part of OpenStack. If management of OpenStack can be simpler and the learning curve brought down then it has a real chance to be the next-gen virtualization platform. What company wouldn’t want to be able to consume their internal IT resources like using AWS, GCE or Azure if they didn’t give up anything to do so? We aren’t there yet but Red Hat is making bold strides and as you will see in this article, is on a journey to make OpenStack consumable for everyone!

Red Hat OpenStack Platform

The Red Hat OpenStack platform uses director to build, manage and upgrade Red Hat OpenStack. Director is in fact a minimal OpenStack deployment itself, with everything needed to deploy OpenStack. The main piece outside of the OpenStack core (Nova, Neutron, Glance, Swift and Heat) is Ironic. The Ironic project is focused on baremetal-as-a-service.

Director allows you to add physical nodes to Ironic and assign them OpenStack roles: compute, control, storage, network, etc. Once roles are assigned an OpenStack environment can be deployed, upgraded and even scaled. As mentioned director is a complete life-cycle management tool that uses OpenStack to manage OpenStack.

In this article we will deploy director (undercloud) on a single VM. We will add three baremetal nodes (VMs) and then deploy OpenStack (overcloud) in a minimal configuration (1 controller node and 1 compute node). I am able to run this on a laptop with just 12GB RAM.

Lab Environment

My idea for this configuration was build the most minimal OpenStack environment possible, something that would run on my laptop with just 12GB RAM using Red Hat OpenStack Director. In the end this experiment was successful and the configuration used is as follows:

Networking Setup

In this configuration we are using virtual networks provided by the hypervisor host (my laptop). Create provisioning and external networks on KVM Hypervisor host. Ensure that NAT forwarding is enabled and DHCP is disabled on the external network. We run OpenStack overcloud on the external network. The provisioning network should be non-routable and DHCP disabled. The undercloud will handle DHCP services for the provisioning network and other IPs will be statically assigned.

[stack@odpd ~]$ openstack undercloud install
#############################################################################
Undercloud install complete.
The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.
There is also a stackrc file at /home/stack/stackrc.
These files are needed to interact with the OpenStack services, and should be
secured.
#############################################################################

Deploy Overcloud

There are two ways to deploy overcloud 1) default 2) customize. You will pretty much always want to customize your deployment but for starting out the default method can be a good way to simplify things and rule out potential problems. I recommend always doing default install just to get a baseline working environment and then throwing it away, redeploying with a customized install

[Undercloud]

Option 1: Default Deployment

The default deployment will put the overcloud on the provisioning network. That means you end up with one network hosting both undercloud and overcloud. The external network is not used.

The really nice thing about director is you have a high degree of customization. In this example we are setting overcloud up on a single 192.168.122.0/24 network. However normally you would have separate networks for OpenStack management, API, public, storage, etc.

Red Hat is making it much easier to troubleshoot deployment problems.While the deployment is running you can follow along in Heat by showing nested steps.

[stack@odpd ~]$ heat stack-list --show-nested

If for some reason the deployment fails, there is now a command to gather up all the information to make it really easy to find out what happened.

[stack@odpd ~]$ openstack stack failures list --long overcloud

Summary

OpenStack is the way of the future for virtualization platforms and I think in the future many traditional virtualization environments will be moving to OpenStack. The choice is simple either they will stay on-premise and become OpenStack or move to public cloud. Of course there will be those that stick with traditional virtualization, there are still lots and lots of mainframes around but clear trend will be to public cloud or OpenStack. The only thing holding OpenStack back is complexity and manageability. Red Hat is focused on making OpenStack simple without losing the “Open” in OpenStack. In other words without compromising on what makes OpenStack a great cloud computing platform. As you have seen in this article Red Hat OpenStack Platform is making great strides and the fact that you can setup an OpenStack environment using enterprise production grade tooling on a 12GB RAM laptop is a good sign.

Thanks for your refrence. It is good topic and nice explaination for LDAP inegration with openstack. But I am looking for Active Directory integartion with openstack, because many corporates are using Active Directory as centralized user management. Please write such step by step guide if you have time. it will be really useful. Thanks

While doing “openstack undercloud install” got below error “file /usr/lib64/python2.7/site-packages/M2Crypto-0.21.1-py2.7.egg-info from install of m2crypto-0.21.1.pulp-13.el7sat.x86_64 conflicts with file from package m2crypto-0.21.1-17.el7.x86_64” . Is there anything that I might have missed or messed up in the installation?

Thanks it was because i didn’t make sure of what repos were enabled. Once I fixed that it went through to some further point and threw some error again. I am using ubuntu has host OS and KVM running on it. I created VM on KVM and installed RHEL on it.. onto which I was trying to install director. Do you think that even the host OS should be RHEL?

Thanks it was because i didn’t make sure of what repos were enabled. Once I fixed that it went through to some further point and threw some error again. I am using ubuntu has host OS and KVM running on it. I created VM on KVM and installed RHEL on it.. onto which I was trying to install director. Do you think that even the host OS should be RHEL?

I know you are trying to create overcloud vm body without OS installed , but I am not able to understand the technical details of the command , BTW , once we created VM body, is there anything we need to do for PXE booting , I mean how to enable network booting in the overcloud nodes ?
Could you kindly explain what this section does , it is quiet difficult for a newbie for me , just an overview is enough sir , ” sudo for i in {1..3}; do qemu-img create -f qcow2 -o preallocation=metadata overcloud-node$i.qcow2 60G; done . and

OpenStack director runs a DHCP and PXE server. You basically configure the VMs to boot from network and then the PXE server (undercloud) installs image. Once this is done they are available and you can deploy openstack overcloud on those nodes and give node a role like conpute or mgmt. The commands above simply create the VMs and add a disk plus setup networking to boot DHCP.

instead of using a laptop, can I deploy 4 VMS on vcenter?
it says to create an external network on the hypervisor. My question is, I will install 4 centos7/thel7 vms and one of them will be KVM/hypervisor. I will install KVM on one of the vm and then will deploy under cloud.

Well if you already have hypervisor of Vms then you dont need an additional one. I had a single bare-metal system so I deployed KVM and on top the VMs but if you have virtualization already you can skip that. Then you just need at minimum 3 VMs (1 for undercloud and 2 for overcloud compute + mgmt).

Hi Keith,
For single vlan deployment, how tagged vlans are created ? did you created in KVM ? please shower some inputs on vlan tagging ( 201 – 204 ) are mentioned in your network-environment.yaml file? , please give some hints on vlan tagging for the overcloud deployment.

My environment was a lab setup so a single physical network, there was no tagging at KVM level. OpenStack overcloud has various networks for example public, API, mgmt, storage, storage mgmt. For each of these vlans are created on the overcloud nodes. If you do “ip a” you will see this. OpenStack uses openvswitch by default to setup the SDN and vlans. This is done automatically by OpenStack director. You simply need to specify the vlans and the interfaces you want to use. Typically for each external network where you have public IPs you will specify interface. The OpenStack communications are all done via SDN and Neutron.

How did you connected your KVM host and undercloud VM ? is through your External network ( NAT ) or have you created a bridge interface in KVM host and connected to undercloud VM ? please let us know . if possible try to please post your undercloud vm creation arguments
Thanks

Is it mandatory to have a non root user in hypervisor host ? or can I SSH as root user to hypervisor host instead of stack, because I am getting stuck during introspection of overclcloud vms, the introspection runs for long hours before it says socket already closed error , however I sshed as root user to hypervisor and gave root as user name in instack json file , any hint or suggestion for how to do successful introspection would be very helpful for me

I am trying to deploy rhel OSP 10 using this guide on KVM hypervisor , I am following steps from your guide , I have no problem till the introspection steps, whenever I am doing introspection it is not successful, that is , when the introspection starts the overcloud node goes to running state and it remains there , it is not automatically goes to shut off state. I think I am missing something here , please let me know some theory / tips behind the introspection step so that I can do successful introspection. I am trying this for 7th time till no success , hopefully after your clarification I will able to deploy successfully

Hi
there is a mis-configuration in udercloud.conf file
you have mentioned
dhcp_start = 192.168.126.100
dhcp_end = 192.168.126.150
and
inspection_iprange = 192.168.126.130,192.168.126.99
So it’s not vaild ……it’s overlapping the range with DHCP.
It should be as following:
dhcp_start = 192.168.126.100
dhcp_end = 192.168.126.150
and
inspection_iprange = 192.168.126.160,192.168.126.199

Looking at logs you are running into timeouts. Are you running things nested, meaning instrospection is happening on VMs (as blog is doing)? If so can you try disabling firewall on hypervisor. This looks to be communications issue.

Watch out for permissions on the overcloud vm disk files if you have placed them outside of /var/lib/libvirt/images. The best way to make sure VMs are bootable via virsh start overcloud-node1 on the baremetal node.

hi, i am facing this problem “The requested action “provide” can not be performed on node “24b3679b-73c0-419e-a017-cc5c97af94e0” while it is in state “enroll”. (HTTP 400)”. overcloud VM always stuck in “enroll” state.Any idea whats going wrong ??

Hi ,
Please check if you are able to access your overcloud nodes manually .
Also see if your instackenv.json has all details entered correctly .
Then delete the nodes from ironic database #ironic delete-node and rerun #openstack baremetal import –json ~/instackenv.json

Does the “ironic” syntax actually belong to Red Hat Openstack 9 and prior version ? I suppose this guide is built around Red Hat Openstack 10 and, in this way, we should use “baremetal node list” command. Am I right ?

Hello Ktenzer, I’m having issue while defining the Networks for KVM like External and Provisioning, bcz my Host and Guest Systems are not pinging and when I performed ‘tcpdump’ for network Interface , It is showing the ‘ARP’ is not able to resolve MAC address .
Please help me to solve this issue.

[stack@director ~]$ openstack baremetal import –json ~/instackenv.json
Started Mistral Workflow. Execution ID: 1597540b-368d-46eb-ac15-f10df2d30c06
Successfully registered node UUID 8a9a6051-f995-4a3b-8d6b-24885afb0123
Successfully registered node UUID 77614e0c-2850-418d-80e6-324889a8774f
Successfully registered node UUID 245dc9b3-d25b-4f32-a4f0-a168994fe692
Started Mistral Workflow. Execution ID: 705845d1-fca2-4396-898a-0fd02798fe14
Failed to set nodes to available state: IronicAction.node.set_provision_state failed: : The requ ested action “provide” can not be performed on node “8a9a6051-f995-4a3b-8d6b-24885afb0123” while it is in state “enroll”.
IronicAction.node.set_provision_state failed: : The requested action “provide” can not be perfor med on node “77614e0c-2850-418d-80e6-324889a8774f” while it is in state “enroll”.
IronicAction.node.set_provision_state failed: : The requested action “provide” can not be perfor med on node “245dc9b3-d25b-4f32-a4f0-a168994fe692” while it is in state “enroll”.

Thank you for the clear guide.
I tried to follow the first steps and I stucked somewhere in the internal networking setup.

I created the “external” and “provisioning” networks successfully by using virsh commands.
I then created the Undercloud VM by using Virtualbox.
Under “System” and “Acceleration” I selected “KVM” as “Paravirtualization Interface”.
Under “Network” I selected:
Adapter 1-> “Internal Network” -> Name: provisioning
Adapter 2-> “Internal Network” -> Name: external

I then launched the VM, and configured on the first nic the IP 192.168.122.90 with /24 mask and 192.168.122.1 as gateway.
I am unable to ping the gateway itself.

Hi Ktenzer, thanks for the reply! Actually I missconfigured the networks but then I solved by using virt-manager instead of virtualbox. There, I could see “external” and “provisioning” networks much more easier. I still have another question in the meanwhile 🙂

UPDATE: nodes are correctly registered but then it fails to switch them from state “enroll” to state “provide”

[stack@ospd ~]$ openstack baremetal import –json ~/instackenv.json
Started Mistral Workflow. Execution ID: 95fa7e74-cfc4-4dc1-847e-d5bd3de967cd
Successfully registered node UUID 37b40b72-9a49-4c3f-92d2-78b2526a5e5b
Successfully registered node UUID a954cd4a-1a24-4bbc-af8b-c2c3041b931d
Successfully registered node UUID 00b41837-e17d-4dbe-a545-788a95a9fbfe
Started Mistral Workflow. Execution ID: f38a7578-29e9-4cc2-9bd1-514aa0caf2ea
Failed to set nodes to available state: IronicAction.node.set_provision_state failed: : The requested action “provide” can not be performed on node “37b40b72-9a49-4c3f-92d2-78b2526a5e5b” while it is in state “enroll”.
IronicAction.node.set_provision_state failed: : The requested action “provide” can not be performed on node “a954cd4a-1a24-4bbc-af8b-c2c3041b931d” while it is in state “enroll”.
IronicAction.node.set_provision_state failed: : The requested action “provide” can not be performed on node “00b41837-e17d-4dbe-a545-788a95a9fbfe” while it is in state “enroll”.

Hi ,
getting confused in setting up the KVM environment while setting up the virtual networks in KVM hypervisor , because of that getting stuck while setting up the environment . Appreciate if you can post your ifconfig -a of your hyeprvisor , undercloud and overcloud-controller VM ?